PHP Zend And GD Multiple Denial Of Service Vulnerabilities Network Vulnerability

Summary

This host is running PHP and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation could allow local attackers to crash the affected application, denying service to legitimate users. Impact Level: Application/Network

Solution

upgrade to PHP 5.3.5 or later For updates refer to http://www.php.net/downloads.php

Insight

The flaws are due to: - An use-after-free error in the 'Zend' engine, which allows remote attackers to cause a denial of service. - A stack-based buffer overflow in the 'GD' extension, which allows attackers to cause a denial of service.

Affected

PHPversion prior to 5.2.15 and 5.3.x before 5.3.4

References

http://bugs.php.net/52879
http://www.php.net/ChangeLog-5.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4697, CVE-2010-4698
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Firefox XUL Parsing Denial of Service Vulnerability (Win)
COWON Media Center JetAudio .wav File Denial Of Service Vulnerability
Apple Safari 'WebKit.dll' Stack Consumption Vulnerability
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux
Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability

PHP Zend and GD Multiple Denial of Service Vulnerabilities

Take action and discover your vulnerabilities